[ BUG ] Windows Certificate-Based Machine Learning Exclusions - not implemented

[59e5aaf4]

( similar to https://github.com/CrowdStrike/falconpy/issues/1252 :D ) Describe the bug

• "Release Notes | Windows Certificate-Based Machine Learning Exclusions" was just published

These API endpoint ( below ) are not available through psfalcon, please implement :D ( notably in your fancy zip-based config migration code ) ( I don't need that, just pointing at parts that will likely explode :D )

What you can do	Endpoint
Create a machine learning (certificate) exclusion	POST /exclusions/entities/cert-based-exclusions/v1
Search for machine learning (certificate) exclusions	GET /exclusions/queries/cert-based-exclusions/v1
Get detailed info about one or more machine learning (certificate) exclusions	GET /exclusions/entities/cert-based-exclusions/v1
Update settings for an existing machine learning (certificate) exclusion	PATCH /exclusions/entities/cert-based-exclusions/v1
Delete one or more machine learning (certificate) exclusions	DELETE /exclusions/entities/cert-based-exclusions/v1

• the ​/exclusions​/entities​/certificates​/v1 API endpoint which "Retrieves certificate signing information for a file" in the swagger doc which isn't in the release message. It accepts a sample sha256

To Reproduce

Read the documentation of psfalcon, there's no mention of the cert-based-exclusions API

Expected behavior

1/ it's documented 2/ it's implemented

:D

thanks !

[bk-cs]

These endpoints were added in v2.2.7. See release notes.

• Edit-FalconCertificateExclusion
• Get-FalconCertificate
• Get-FalconCertificateExclusion
• New-FalconCertificateExclusion
• Remove-FalconCertificateExclusion

They are not currently part of Import-FalconConfig or Export-FalconConfig and are not yet listed on the PSFalcon Wiki, but you can view their individual help pages using Get-Help <command> -Online.